%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
%%  Copyright by Wenliang Du.                                       %%
%%  This work is licensed under the Creative Commons                %%
%%  Attribution-NonCommercial-ShareAlike 4.0 International License. %%
%%  To view a copy of this license, visit                           %%
%%  http://creativecommons.org/licenses/by-nc-sa/4.0/.              %%
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%


% -------------------------------------------
% SUBSECTION
% ------------------------------------------- 
\subsection{Summary of the DNS Configuration} 

All the containers are already configured for this lab. 
We provide a summary here, so students are aware of 
these configurations. Detailed explanation
of the configuration can be found from the manual.



\paragraph{Local DNS Server.} 
We run the BIND 9 DNS server program on the local DNS server. 
BIND 9 gets its configuration from a file called \path{/etc/bind/named.conf}. This file
is the primary configuration file, and it usually contains several \texttt{"include"}
entries, i.e., the actual configurations are stored in those included files. One of the
included files is called \path{/etc/bind/named.conf.options}. 
This is where the actual configuration is set. 


\begin{itemize}
\item \textit{Simplification.}
DNS servers now randomize
the source port number in their DNS queries; this makes the attacks much more
difficult. Unfortunately, many DNS servers still use predictable source
port number.  For the sake of simplicity in this lab, we fix the
source port number to  {\tt 33333} in the 
configuration file. 

\item \textit{Turning off DNSSEC.} 
DNSSEC is introduced to protect against spoofing attacks on DNS servers.
To show how attacks work
without this protection mechanism, we have turned off the protection 
in the configuration file. 


\item \textit{DNS cache.}
During the attack, we need to inspect the DNS cache on the local DNS server.
The following two commands are related to DNS cache.
The first command dumps the content of the cache to the file 
\path{/var/cache/bind/dump.db}, 
and the second command clears the cache.

\begin{lstlisting}
# rndc dumpdb -cache    // Dump the cache to the specified file
# rndc flush            // Flush the DNS cache
\end{lstlisting}

\item \textit{Forwarding the \texttt{attacker32.com} zone.}
A forward zone is added to the local DNS server,
so if anybody queries the \texttt{attacker32.com} domain, 
the query will be forwarded to this domain's nameserver, which
is hosted in the attacker container. The zone entry
is put inside the \texttt{named.conf} file. 

\begin{lstlisting}
zone "attacker32.com" {
    type forward;
    forwarders { 
        10.9.0.153; 
    };
};
\end{lstlisting}
\end{itemize}



\paragraph{User machine.}
The user container {\tt 10.9.0.5} is already 
configured to use {\tt 10.9.0.53} as its local DNS server.
This is achieved by changing
the resolver configuration file~(\texttt{/etc/resolv.conf}) of the user machine,
so the server \texttt{10.9.0.53} is added as the first \texttt{nameserver} entry in the file, i.e.,
this server will be used as the primary DNS server.


\paragraph{Attacker's Nameserver.}
On the attacker's nameserver, we host two zones. One is 
the attacker's legitimate zone \texttt{attacker32.com}, and the other 
is the fake \texttt{example.com} zone. The zones are 
configured in \path{/etc/bind/named.conf}:

\begin{lstlisting}
zone "attacker32.com" {
        type master;
        file "/etc/bind/attacker32.com.zone";
};

zone "example.com" {
        type master;
        file "/etc/bind/example.com.zone";
};
\end{lstlisting}

